Details
- Suggestion
- Resolution: Unresolved
Description
Facts
- The "Anonymous Access to Remote API" checkbox button is for SOAP/XML-RPC and not for REST API
- There is no equivalent control of REST API in Confluence
Expectation
Be able to restrict anonymous Remote API access to Confluence even though Confluence has "Anonymous Access" enabled on the UI side
Sample use case:
If users would like to have spaces with anonymous access via the UI, but we want to keep the API restricted.
For example, if users have a reverse proxy in front of their Confluence installation which implements certain security checks, and they do not want people to be able to access content without having first passed through this layer. The security checks rely on a browser, so they cannot easily pass requests to the REST API through it.
Issue Links
- is related to
  - CONFSERVER-52360 Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access (Closed)